A PRACTICAL APPROACH TO MANAGE PHISHING INCIDENT WITH URL FILTERING
Kasom Koth-Arsa, Surachai Chitpinityon, Julllawadee Maneesilp
Kasetsart University, Bangkok, Thailand.
AGENDA
Introduction
Objective
Phishing Management System
Conclusion
INTRODUCTION
What is phishing?
Why is phishing important?
Who are we concerned about?
WHAT IS PHISHING?
Phishing is an online form of deception
Attacker pretends to be someone else
To obtain sensitive information from the victim
WHY IS PHISHING IMPORTANT?
A serious threat to Internet usage
Growing very fast
Frauds that affect many websites and organizations
More advanced and complex techniques that turn an organization's website into a seemingly trusted financial website to obtain confidential user information
WHO ARE WE CONCERNED ABOUT?
Educational institutions are among the most attacked organizations.
They organize their network systems by dividing them among many sub-departments.
This hierarchical structure makes effective management and network-security enforcement challenging.
UNINET
Largest university network provider in Thailand, run by the Ministry of Education
1 Gbps and 10 Gbps links countrywide
UniNet has 431 member institutes
  240 Universities
  134 Vocational Schools
  57 Primary Schools
100,000-plus users
Phishing becomes a serious problem!
OBJECTIVE
Develop a phishing management solution that handles the whole anti-phishing process for UniNet
  Systematic procedure
  Fast response
  Tracking, monitoring and collecting phishing information
Intelligent URL filtering system to enforce blocking of specified URLs
  Block only the phishing URL, not the whole site
PHISHING MANAGEMENT SYSTEM
System Module
  Account Management
  Ticket Management
  Web Filtering
Interaction Diagram
Use Case Diagram
System Configuration
SYSTEM MODULE
Incident Management
Tracker & Reporter
URL Filtering
Account Management
Account Database
Phishing Database
Ticket Management
ACCOUNT MANAGEMENT MODULE
Users must register with our system before reporting a phishing website
Using the following information:
  Full name
  Company
  E-mail
  Username
  Password
Identification procedure
TICKET MANAGEMENT MODULE
Manage Phishing events
Easy to manage and track incidents using ticket status
[Diagram: ticket life cycle. Groups: Ticket management, Incident management, Tracking & Reporting. Ticket statuses: Created, Deleted, Opened, Verified, Canceled, Blocked, Site Take Down, Closed]
URL FILTERING (WEB SCREEN)
Phishing system can block/unblock web access to the phishing site through the URL filtering system.
URL Filtering
TCP Session Hijacking Technique
Intercept HTTP request
Inject forged HTTP reply
Block or redirect access to any given URL
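An added example, not from the original slides: one way a filtering engine could decide whether an intercepted HTTP request matches a blocked phishing URL while leaving the rest of the site reachable. The function names, the host-plus-path key (query string ignored) and the sample hostnames are assumptions.

```python
import posixpath
from urllib.parse import urlsplit, unquote, quote

def canonical(host: str, path: str) -> str:
    """Host + path key: lowercase host, drop the default port, decode and
    collapse the path so trivially re-spelled URLs map to the same entry."""
    host = host.strip().lower()
    if host.endswith(":80"):
        host = host[:-3]
    host = host.rstrip(".")
    decoded = unquote(path.split("?", 1)[0]) or "/"   # assumption: query ignored
    norm = posixpath.normpath("/" + decoded.lstrip("/"))
    if decoded.endswith("/") and norm != "/":
        norm += "/"              # normpath drops the trailing slash; keep it
    return host + quote(norm)

def key_from_url(url: str) -> str:
    """Key for a URL as reported in a phishing ticket."""
    u = urlsplit(url)
    return canonical(u.netloc, u.path)

def key_from_request(raw: bytes):
    """Key for the first HTTP request in a captured TCP payload, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = head[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None              # not an HTTP request line (e.g. TLS bytes)
    target = parts[1]
    host = next((line.split(":", 1)[1] for line in head[1:]
                 if line.lower().startswith("host:")), "")
    if "://" in target:          # absolute-form target, as sent to a proxy
        u = urlsplit(target)
        host, target = u.netloc, u.path
    return canonical(host, target) if host.strip() else None

def is_blocked(raw: bytes, blocklist: set) -> bool:
    key = key_from_request(raw)
    return key is not None and key in blocklist

# Constructed sample data: one blocked URL on a shared departmental server.
BLOCKLIST = {key_from_url("http://www.dept.example.edu/~staff/secure/login.php")}
PHISH_REQ = (b"GET /%7Estaff/./secure/login.php?sid=1 HTTP/1.1\r\n"
             b"Host: WWW.Dept.Example.EDU:80\r\n\r\n")
CLEAN_REQ = b"GET /index.html HTTP/1.1\r\nHost: www.dept.example.edu\r\n\r\n"

if __name__ == "__main__":
    print(is_blocked(PHISH_REQ, BLOCKLIST), is_blocked(CLEAN_REQ, BLOCKLIST))
```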
PASS-BY URL FILTERING
Traffic is captured and passed by without queuing
  Zero delay, independent of traffic volume
Ease of Installation (No Traffic Interruption)
Non-Blocking Traffic Stream
No Single Point of Failure
Scalable
[Diagram: Client, Gateway, Filtering Engine, Internet]
TCP SESSION HIJACKING
[Sequence diagram: Client, Filtering, Server. Labels: SYN J; SYN K, ACK J+1; ACK K+1; FIN L; Data (HTTP request); Data (reply); Packet will be ignored; Faked FIN by Filtering Engine]
INTERACTION DIAGRAM
Company
UniNet Administrator
University Administrator
Web Filtering Engine
Block the phishing URL
Inform the corresponding university administrator to investigate the incident
Re-verify the URL
Cancel the blocking of the URL
The ticket is set to canceled
Server investigation/cleaning
Close the ticket, inform both parties
Inform that the server is already clean
Report a phishing URL (open a ticket)
Verify URL
USE CASE DIAGRAM
Company
UniNet Administrator
University Administrator
Create ticket
Manage Account
Block/unblock URL
View ticket
Change ticket status
Notify incident cleared
Create Account
SYSTEM CONFIGURATION
[Network diagram: Internet, Gateway, UniNet Network Backbone, Phishing Filtering Engine, Phishing Management. Link labels: 10G, 1G, SPAN, management]
USER TICKET TRACKING SCREENSHOT
CONCLUSION
The Phishing Management System is now in initial deployment on the UniNet infrastructure
Enables UniNet to respond more quickly to phishing incidents
Enables statistical logging that helps UniNet anticipate future problems and improve network security
Designed to handle a 10 Gbps network (needs some more hardware to complete)
THANK YOU.